libxml2: out-of-bounds read

Debian Bug report logs - #783010
libxml2: out-of-bounds read

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 20 Apr 2015 15:27:02 UTC

Severity: normal

Tags: fixed-upstream, jessie, patch, security, sid, squeeze, stretch, upstream, wheezy

Found in versions libxml2/2.9.2+dfsg1-3, libxml2/2.7.8.dfsg-1

Fixed in versions libxml2/2.7.8.dfsg-2+squeeze12, libxml2/2.9.2+really2.9.1+dfsg1-0.1, libxml2/2.9.2+zdfsg1-4, libxml2/2.9.1+dfsg1-5+deb8u1, libxml2/2.8.0+dfsg1-7+wheezy5

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=744980


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#783010; Package src:libxml2. (Mon, 20 Apr 2015 15:27:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Mon, 20 Apr 2015 15:27:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxml2: out-of-bounds read
Date: Mon, 20 Apr 2015 17:23:38 +0200
Source: libxml2
Version: 2.9.2+dfsg1-3
Severity: normal
Tags: security upstream fixed-upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=744980

Hi

Michal Zalewski reported an out-of-bounds read issue in libxml2, see
http://www.openwall.com/lists/oss-security/2015/04/19/5 for the CVE
request (none assigned yet).

Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=744980

Please adjust the affected versions as needed in the BTS, just looked
at libxml2 in unstable.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#783010; Package src:libxml2. (Thu, 04 Jun 2015 09:45:09 GMT)


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Thu, 04 Jun 2015 09:45:09 GMT)


Message #10 received at 783010@bugs.debian.org:

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: debian-lts@lists.debian.org
Cc: 782782@bugs.debian.org, 782985@bugs.debian.org, 783010@bugs.debian.org, daniel@veillard.com
Subject: Security update of libxml2 in Debian squeeze-lts
Date: Thu, 04 Jun 2015 09:42:51 +0000
Control: tags -1 patch

Dear package maintainers, dear LTS team, dear Daniel Veillard (libxml2  
upstream maintainer),

attached is a .debdiff for fixing CVE-related issues #782782 [0a],  
#782985 [0b] and #783010 [0c] in Debian squeeze-lts. The src:package  
format is 1.0, so changes have been applied on top of the previous  
source code tree version. However, I shipped the individual patches  
for better review in debian/patches (with applying them at build-time).

As the backporting/rebasing of the upstream commit for fixing #782782  
has not been so trivial, I'd highly appreciate a patch review from  
someone with more libxml2'ish background.

Furthermore, only #782782 and #783010 have been fixed upstream  
already, the third issue (#782985) has been reported on upstream GNOME  
bugzilla [1] and also a patch has been provided there [2]. However,  
upstream (i.e., Daniel) hasn't taken any action on fixing that issue,  
so far. Thus, Cc:-ing the upstream maintainer of libxml2 (and hoping  
he can give some feedback on this). What are the plans for that
reported bug? Any feedback you can give at this time?

For the issues #782985 and #783010 the upstream bug reports provide  
some test cases. I could reproduce the tests failing with the  
2.7.8-2+squeeze11 package version in squeeze-lts and reproduce the  
tests passing with my proposal for 2.7.8-2+squeeze12.

However, for #782782 I do not have any idea how to test that issue, or  
rather in what installation/usage scenarios it is possible to see the  
reported DoS issue coming into play.

The packages have been built against squeeze-lts and uploaded to a  
non-Debian .deb archive [3,4] of mine.

Thanks+Greets,
Mike (from the Debian LTS team)

[0a] http://bugs.debian.org/782782
[0b] http://bugs.debian.org/782985
[0c] http://bugs.debian.org/783010
[1] https://bugzilla.gnome.org/show_bug.cgi?id=746048
[2] https://bugzilla.gnome.org/attachment.cgi?id=299127&action=diff
[3] http://packages.it-zukunft-schule.de/debian/pool/main/libx/libxml2/
[4] deb http://packages.it-zukunft-schule.de/debian squeeze main




-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[libxml2_2.7.8.dfsg-2+squeeze11_2.7.8.dfsg-2+squeeze12.debdiff (text/plain, attachment)]

Added tag(s) patch. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 783010-submit@bugs.debian.org. (Thu, 04 Jun 2015 09:45:09 GMT)


Reply sent to Mike Gabriel <sunweaver@debian.org>:
You have taken responsibility. (Tue, 30 Jun 2015 19:36:20 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 30 Jun 2015 19:36:20 GMT)


Message #17 received at 783010-close@bugs.debian.org:

From: Mike Gabriel <sunweaver@debian.org>
To: 783010-close@bugs.debian.org
Subject: Bug#783010: fixed in libxml2 2.7.8.dfsg-2+squeeze12
Date: Tue, 30 Jun 2015 19:34:15 +0000
Source: libxml2
Source-Version: 2.7.8.dfsg-2+squeeze12

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 May 2015 13:37:58 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.7.8.dfsg-2+squeeze12
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 782782 782985 783010
Changes: 
 libxml2 (2.7.8.dfsg-2+squeeze12) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * debian/patches:
     + Fix CVE-2015-1819:  Enforce the reader to run in constant memory.
       (Closes: #782782).
     + Fix out-of-bounds memory access when parsing an unclosed HTML comment.
       (Closes: #782985).
     + Fix out-of-bound memory access during read operations. (Closes: #783010).
   * debian/rules:
     + Disable updating of config.sub and config.guess during
       override_dh_auto_clean to avoid .debdiff pollution.




Marked as found in versions libxml2/2.7.8.dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 30 Jun 2015 19:42:06 GMT)


Added tag(s) jessie, squeeze, stretch, sid, and wheezy. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 30 Jun 2015 19:42:07 GMT)


Reply sent to Raphaël Hertzog <hertzog@debian.org>:
You have taken responsibility. (Tue, 25 Aug 2015 22:24:22 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 25 Aug 2015 22:24:22 GMT)


Message #26 received at 783010-close@bugs.debian.org:

From: Raphaël Hertzog <hertzog@debian.org>
To: 783010-close@bugs.debian.org
Subject: Bug#783010: fixed in libxml2 2.9.2+really2.9.1+dfsg1-0.1
Date: Tue, 25 Aug 2015 22:21:45 +0000
Source: libxml2
Source-Version: 2.9.2+really2.9.1+dfsg1-0.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hertzog@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Aug 2015 22:31:29 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.9.2+really2.9.1+dfsg1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 766884 782782 782985 783010
Changes:
 libxml2 (2.9.2+really2.9.1+dfsg1-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Go back to 2.9.1+dfsg1 upstream sources so that xmllint works
     again. Closes: #766884
   * Restore all patches available in 2.9.1+dfsg1-5 in stretch, ensuring
     CVE-2014-3660 is fixed too.
   * Fix 3 security issues by adding 4 patches:
     - CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause
       a denial of service (memory consumption) via crafted XML data, related to
       an XML Entity Expansion (XEE) attack. Closes: #782782
     - Out-of-bounds access when parsing unclosed HTML comment
       https://bugzilla.gnome.org/show_bug.cgi?id=746048 Closes: #782985
     - Out-of-bounds memory access
       https://bugzilla.gnome.org/show_bug.cgi?id=744980 Closes: #783010
   * Add dh-python to Build-Depends for dh_python2




Reply sent to Aron Xu <aron@debian.org>:
You have taken responsibility. (Tue, 22 Sep 2015 09:24:26 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 22 Sep 2015 09:24:26 GMT)


Message #31 received at 783010-close@bugs.debian.org:

From: Aron Xu <aron@debian.org>
To: 783010-close@bugs.debian.org
Subject: Bug#783010: fixed in libxml2 2.9.2+zdfsg1-4
Date: Tue, 22 Sep 2015 09:21:05 +0000
Source: libxml2
Source-Version: 2.9.2+zdfsg1-4

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aron Xu <aron@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 22 Sep 2015 16:31:48 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.9.2+zdfsg1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 754424 766884 768089 781232 782782 783010 798642
Changes:
 libxml2 (2.9.2+zdfsg1-4) unstable; urgency=medium
 .
   * Revert everything in N'ACKed NMU revert to 2.9.1.
     - Resolving regression, Closes: #754424
     - Drop the following NMU, not needed in 2.9.2, Closes: #781232
     - Drop not approved patch for GNOME #746048
   * Revert icu dbg drop, but don't hardcode version,
     thanks Matthias Klose <doko>, Closes: #798642
   * Cherry pick upstream post release patches:
     - Fix for regression triggered by CVE-2014-3660, Closes: #768089
     - Fix for the spurious ID already defined error, Closes: #766884
     - Fix for CVE-2015-1819, Closes: #782782
     - Fix for GNOME #744980, Closes: #783010
     - Several fixes for memory related issues.




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 27 Dec 2015 17:36:14 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 27 Dec 2015 17:36:14 GMT)


Message #36 received at 783010-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 783010-close@bugs.debian.org
Subject: Bug#783010: fixed in libxml2 2.9.1+dfsg1-5+deb8u1
Date: Sun, 27 Dec 2015 17:32:09 +0000
Source: libxml2
Source-Version: 2.9.1+dfsg1-5+deb8u1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Dec 2015 15:29:45 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 782782 782985 783010 802827 803942 806384
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.1+dfsg1-5+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patches to address CVE-2015-7941.
     CVE-2015-7941: Denial of service via out-of-bounds read. (Closes: #783010)
   * Add 0058-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch.
     CVE-2015-1819: Enforce the reader to run in constant memory.
     (Closes: #782782)
   * Add patches to address CVE-2015-8317.
     CVE-2015-8317: Out-of-bounds heap read when parsing file with unfinished
     xml declaration.
   * Add patches to address CVE-2015-7942.
     CVE-2015-7942: heap-based buffer overflow in
     xmlParseConditionalSections(). (Closes: #802827)
   * Add 0063-Fix-parsing-short-unclosed-comment-uninitialized-acc.patch patch.
     Parsing an unclosed comment can result in `Conditional jump or move
     depends on uninitialised value(s)` and unsafe memory access.
     (Closes: #782985)
   * Add 0064-CVE-2015-8035-Fix-XZ-compression-support-loop.patch patch.
     CVE-2015-8035: DoS when parsing specially crafted XML document if XZ
     support is enabled. (Closes: #803942)
   * Add 0065-Avoid-extra-processing-of-MarkupDecl-when-EOF.patch patch.
     CVE-2015-8241: Buffer overread with XML parser in xmlNextChar.
     (Closes: #806384)
   * Add 0066-Avoid-processing-entities-after-encoding-conversion-.patch patch.
     CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl.
   * Add 0067-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch patch.
     CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey.
   * Add 0068-CVE-2015-5312-Another-entity-expansion-issue.patch patch.
     CVE-2015-5312: CPU exhaustion when processing specially crafted XML
     input.
   * Add patches to address CVE-2015-7499.
     CVE-2015-7499: Heap-based buffer overflow in xmlGROW.
   * Add 0071-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch patch.
     CVE-2015-7500: Heap buffer overflow in xmlParseMisc.




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 27 Dec 2015 21:51:20 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 27 Dec 2015 21:51:20 GMT)


Message #41 received at 783010-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 783010-close@bugs.debian.org
Subject: Bug#783010: fixed in libxml2 2.8.0+dfsg1-7+wheezy5
Date: Sun, 27 Dec 2015 21:47:46 +0000
Source: libxml2
Source-Version: 2.8.0+dfsg1-7+wheezy5

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783010@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Dec 2015 15:25:28 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.8.0+dfsg1-7+wheezy5
Distribution: wheezy-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Closes: 782782 782985 783010 802827 803942 806384
Changes: 
 libxml2 (2.8.0+dfsg1-7+wheezy5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add patches to address CVE-2015-7941.
     CVE-2015-7941: Denial of service via out-of-bounds read. (Closes: #783010)
   * Add CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch.
     CVE-2015-1819: Enforce the reader to run in constant memory.
     Thanks to Mike Gabriel for the patch backport. (Closes: #782782)
   * Add patches to address CVE-2015-8317.
     CVE-2015-8317: Out-of-bounds heap read when parsing file with unfinished
     xml declaration.
   * Add patches to address CVE-2015-7942.
     CVE-2015-7942: heap-based buffer overflow in
     xmlParseConditionalSections(). (Closes: #802827)
   * Add Fix-parsing-short-unclosed-comment-uninitialized-acc.patch patch.
     Parsing an unclosed comment can result in `Conditional jump or move
     depends on uninitialised value(s)` and unsafe memory access.
     (Closes: #782985)
   * Add CVE-2015-8035-Fix-XZ-compression-support-loop.patch patch.
     CVE-2015-8035: DoS when parsing specially crafted XML document if XZ
     support is enabled. (Closes: #803942)
   * Add Avoid-extra-processing-of-MarkupDecl-when-EOF.patch patch.
     CVE-2015-8241: Buffer overread with XML parser in xmlNextChar.
     (Closes: #806384)
   * Add Avoid-processing-entities-after-encoding-conversion-.patch patch.
     CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl.
   * Add CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch patch.
     CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey.
   * Add CVE-2015-5312-Another-entity-expansion-issue.patch patch.
     CVE-2015-5312: CPU exhaustion when processing specially crafted XML
     input.
   * Add patches to address CVE-2015-7499.
     CVE-2015-7499: Heap-based buffer overflow in xmlGROW.
     Add a specific parser error (XML_ERR_USER_STOP), backported from
     e50ba8164eee06461c73cd8abb9b46aa0be81869 upstream (commit to address
     CVE-2013-2877, the "Try to stop parsing as quickly as possible" was not
     backported).
   * Add CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch patch.
     CVE-2015-7500: Heap buffer overflow in xmlParseMisc.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Apr 2016 07:27:14 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:02:44 2019; Machine Name: beach
